The Logjam: TLS vulnerabilities (CVE-2015-4000) refer to situations where a remote user can exploit a flaw in the Java SE, JRockit, and Java SE Embedded SSL/TLS JSSE component to partially access and partially modify data [CVE-2015-4000].

Question:

Should I be concerned about the Logjam: TLS vulnerabilities (CVE-2015-4000) detected when accessing TIM via the MTP login page?

Environment:

TIM on MTP (Any Version)

Answer:

MTP does not run Java in any of its processes. It is installed as a prerequisite but is not running and none of our code uses it. There are never any active Java processes in MTP, hence this vulnerability should not be a concern in this case.